package org.shoukaiseki.plugin.corss;

import org.shoukaiseki.common.logger.Logger;
import org.shoukaiseki.plugin.corss.config.PluginCorssProperties;
import org.shoukaiseki.plugin.corss.logger.FixedLoggers;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * org.shoukaiseki.plugin.corss.CorssFilter
 * <br>
 *
 * @author shoukaiseki ブログ http://www.shoukaiseki.top/<br> E-メール jiang28555@Gmail.com<br>
 * @date 2020-11-30 17:40:51<br>
 */
//@Configuration
@Component
public class CorssFilter  implements Filter {

    final static Logger logger= FixedLoggers.PLUGIN_CORSS_LOGGER;

    @Resource
    PluginCorssProperties pluginCorssProperties;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        HttpServletRequest request = (HttpServletRequest) servletRequest;

        String origin = request.getHeader("Origin");
        String[] allowedorigins=pluginCorssProperties.getAllowedorigins();
        if(allowedorigins.length==1&&allowedorigins[0].equals("*")){
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("allowedOrigins", origin);
        }else {
            for (String originTemp:pluginCorssProperties.getAllowedorigins() ) {
                if(originTemp.equals(origin)){

                    logger.debugLambar(logger -> {
                        logger.debug("Access-Control-Allow-Origin={}",originTemp);
                        logger.debug("allowedOrigins={}",originTemp);
                    });
                    response.setHeader("Access-Control-Allow-Origin", originTemp);
                    response.setHeader("allowedOrigins", originTemp);
                }
            }
        }

        logger.debugLambar(logger -> logger.debug("CorssFilter.method={}",((HttpServletRequest) servletRequest).getMethod()));

        //测试允许所有跨域请求,
        //当 ajax 设置了  xhrFields: { withCredentials: true }, 携带cookie跨域访问时,不能设置跨域 *
        //测试机子可以用这种方式,但是正式服务推荐使用 实际地址,例如:[http://localhost:8080]
//        response.setHeader("Access-Control-Allow-Origin","*");

//        response.setHeader("Access-Control-Allow-Origin", origin);
//        response.setHeader("allowedOrigins", origin);

        //允许跨域证书
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {

    }
}
